On Wed, Apr 7, 2010 at 1:07 AM, Kevin Grittner <Kevin.Grittner@xxxxxxxxxxxx> wrote: > Timothy Madden <terminatorul@xxxxxxxxx> wrote: > [...] > But the server needs to read certain data from the database > directory in order to start. In particular, WAL files need to be > read to get a clean start, and those can contain any data from the > database table. Any or all tables may need to be accessed to get > the database to a consistent point on startup. Plus there are all > the system catalogs, including the ones needed to authenticate > users. OK let's put the key logger issue aside from database encryption. I am willing to accept that the server may need to read the list of tables/schema-objects in the database, and some leftover data, in order to start, as long as the leftover data is immediately discarded upon start-up, and as long as it is likely that this data is not a large fraction of the data found in the database. It would still be nice if this check or clean-up could be delayed until such time some user really selects the database for use, and provides a password. I would expect the database (or catalog, I guess, is it ?) to be visible, but any attempt to connect without the password would fail as if user has no rights on the database or the password is wrong. What I perceive as a problem here might be that an encrypted database would automatically need the privileges to be set up so that only the owner can read or connect to it. That is its privileges would have to indicate that even the postgres user can not read it. Except maybe for the names of tables and schema objects, if the server insists that it needs those for a clean start up, and so those shall remain clear text. User authentication should be unrelated to encrypting the database owned by that user. You can think of it as if only the owner can ever connect to such a database, and his/her password is the encryption key, or as if any user that wishes to connect should provide the encryption key first, and then the user name and password. Thank you, Timothy Madden -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
